Vulnerability Description
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Radare | Radare2 | 1.5.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99608Third Party AdvisoryVDB Entry
- https://github.com/radare/radare2/commit/c57997e76ec70862174a1b3b3aeb62a6f8570e8PatchThird Party Advisory
- https://github.com/radare/radare2/issues/7855Third Party Advisory
- http://www.securityfocus.com/bid/99608Third Party AdvisoryVDB Entry
- https://github.com/radare/radare2/commit/c57997e76ec70862174a1b3b3aeb62a6f8570e8PatchThird Party Advisory
- https://github.com/radare/radare2/issues/7855Third Party Advisory
FAQ
What is CVE-2017-10929?
CVE-2017-10929 is a vulnerability with a CVSS score of 7.8 (HIGH). The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified...
How severe is CVE-2017-10929?
CVE-2017-10929 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-10929?
Check the references section above for vendor advisories and patch information. Affected products include: Radare Radare2.